update fork

.codacy.yml

@@ -0,0 +1,3 @@
+---
+exclude_paths:
+  - 'graphql_jwt/refresh_token/migrations/*'

README.rst

@@ -1,7 +1,7 @@
 Django GraphQL JWT
 ==================
 
-|Pypi| |Build Status| |Codecov| |Code Climate|
+|Pypi| |Build Status| |Codecov| |Codacy|
 
 
 `JSON Web Token <https://jwt.io/>`_ authentication for `Django GraphQL <https://github.com/graphql-python/graphene-django>`_
@@ -85,6 +85,6 @@ Fantastic documentation is available at https://django-graphql-jwt.domake.io.
    :target: https://codecov.io/gh/flavors/django-graphql-jwt
    :alt: Codecov
 
-.. |Code Climate| image:: https://api.codeclimate.com/v1/badges/c79a185d546f7e34fdd6/maintainability
-   :target: https://codeclimate.com/github/flavors/django-graphql-jwt
-   :alt: Codeclimate
+.. |Codacy| image:: https://api.codacy.com/project/badge/Grade/4f9fd439fbc74be88a215b9ed2abfcf9
+   :target: https://app.codacy.com/gh/flavors/django-graphql-jwt?utm_source=github.com&utm_medium=referral&utm_content=flavors/django-graphql-jwt&utm_campaign=Badge_Grade_Dashboard
+   :alt: Codacy

docs/settings.rst

@@ -55,6 +55,22 @@ PyJWT
   Default: ``settings.SECRET_KEY``
 
 
+`JWT_PUBLIC_KEY`_
+~~~~~~~~~~~~~~~~~
+
+  The RSA public key for *RS256*, *RS384* or *RS512* asymmetric algorithms. ``JWT_SECRET_KEY`` setting will be ignored
+
+  Default: ``None``
+
+
+`JWT_PRIVATE_KEY`_
+~~~~~~~~~~~~~~~~~
+
+  The RSA private key for *RS256*, *RS384* or *RS512* asymmetric algorithms. ``JWT_SECRET_KEY`` setting will be ignored
+
+  Default: ``None``
+
+
 `JWT_VERIFY`_
 ~~~~~~~~~~~~~
 

graphql_jwt/backends.py

@@ -17,4 +17,4 @@ def authenticate(self, request=None, **kwargs):
         return None
 
     def get_user(self, user_id):
-        return jwt_settings.JWT_GET_USER_BY_NATURAL_KEY_HANDLER(user_id)
+        return None

graphql_jwt/decorators.py

@@ -92,15 +92,15 @@ def wrapper(cls, root, info, password, **kwargs):
         context._jwt_token_auth = True
         username = kwargs.get(get_user_model().USERNAME_FIELD)
 
-        user = jwt_settings.JWT_GET_USER_BY_NATURAL_KEY_HANDLER(username)
-        if user is None:
-            raise exceptions.JSONWebTokenError(
-                _('Please enter valid credentials'),
-            )
+        # user = jwt_settings.JWT_GET_USER_BY_NATURAL_KEY_HANDLER(username)
+        # if user is None:
+        #     raise exceptions.JSONWebTokenError(
+        #         _('Please enter valid credentials'),
+        #     )
 
         user = authenticate(
             request=context,
-            username=user.username,
+            username=username,
             password=password,
         )
         if user is None:

graphql_jwt/settings.py

@@ -11,6 +11,8 @@
     'JWT_ISSUER': None,
     'JWT_LEEWAY': 0,
     'JWT_SECRET_KEY': settings.SECRET_KEY,
+    'JWT_PUBLIC_KEY': None,
+    'JWT_PRIVATE_KEY': None,
     'JWT_VERIFY': True,
     'JWT_VERIFY_EXPIRATION': False,
     'JWT_EXPIRATION_DELTA': timedelta(seconds=60 * 5),

graphql_jwt/utils.py

@@ -36,15 +36,15 @@ def jwt_payload(user, context=None):
 def jwt_encode(payload, context=None):
     return jwt.encode(
         payload,
-        jwt_settings.JWT_SECRET_KEY,
+        jwt_settings.JWT_PRIVATE_KEY or jwt_settings.JWT_SECRET_KEY,
         jwt_settings.JWT_ALGORITHM,
     ).decode('utf-8')
 
 
 def jwt_decode(token, context=None):
     return jwt.decode(
         token,
-        jwt_settings.JWT_SECRET_KEY,
+        jwt_settings.JWT_PUBLIC_KEY or jwt_settings.JWT_SECRET_KEY,
         jwt_settings.JWT_VERIFY,
         options={
             'verify_exp': jwt_settings.JWT_VERIFY_EXPIRATION,
@@ -94,10 +94,10 @@ def get_payload(token, context=None):
 
 
 def get_user_by_natural_key(username):
-    User = get_user_model()
+    UserModel = get_user_model()
     try:
-        return User.objects.get_by_natural_key(username)
-    except User.DoesNotExist:
+        return UserModel._default_manager.get_by_natural_key(username)
+    except UserModel.DoesNotExist:
         return None
 
 

requirements/test.txt

@@ -1,4 +1,5 @@
 coverage>=4.4
+cryptography>=2.0.3
 pytest>=3.3.1
 pytest-cov>=2.4.0
 pytest-django>=3.1.2

tests/test_backends.py

@@ -47,5 +47,5 @@ def test_authenticate_missing_token(self):
         self.assertIsNone(user)
 
     def test_get_user(self):
-        user = self.backend.get_user(self.user.get_username())
-        self.assertEqual(user, self.user)
+        user = self.backend.get_user(self.user.pk)
+        self.assertIsNone(user)

tests/test_utils.py

@@ -1,6 +1,9 @@
 from datetime import timedelta
 from unittest import mock
 
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives.asymmetric import rsa
+
 from graphql_jwt import exceptions, utils
 from graphql_jwt.settings import jwt_settings
 
@@ -29,6 +32,28 @@ def test_issuer(self):
         self.assertEqual(payload['iss'], 'test')
 
 
+class AsymmetricAlgorithmsTests(TestCase):
+
+    def test_rsa_jwt(self):
+        private_key = rsa.generate_private_key(
+            public_exponent=65537,
+            key_size=2048,
+            backend=default_backend(),
+        )
+        public_key = private_key.public_key()
+        payload = utils.jwt_payload(self.user)
+
+        with override_jwt_settings(
+                JWT_PUBLIC_KEY=public_key,
+                JWT_PRIVATE_KEY=private_key,
+                JWT_ALGORITHM='RS256'):
+
+            token = utils.jwt_encode(payload)
+            decoded = utils.jwt_decode(token)
+
+        self.assertEqual(payload, decoded)
+
+
 class GetHTTPAuthorizationHeaderTests(TestCase):
 
     def test_get_authorization_header(self):